admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-03-28 08:01:17 +00:00
parent 208fe32322
commit 47fbad31a8
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
2022/25xxx/CVE-2022-25757.json
View File

@ -43,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the last occurred value as the result. By passing a JSON with a duplicate key, the attacker can bypass the body_schema validation in the request-validation plugin. For example, `{\"string_payload\":\"bad\",\"string_payload\":\"good\"}` can be used to hide the \"bad\" input.\n\nSystems satisfy three conditions below are affected by this attack:\n1. use body_schema validation in the request-validation plugin\n2. upstream application uses a special JSON library that chooses the first occurred value, like jsoniter or gojay\n3. upstream application does not validate the input anymore.\n\nThe fix in APISIX is to re-encode the validated JSON input back into the request body at the side of APISIX.\nImproper Input Validation vulnerability in __COMPONENT__ of Apache APISIX allows an attacker to __IMPACT__. This issue affects Apache APISIX Apache APISIX version 2.12.1 and prior versions."
"value": "In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the last occurred value as the result. By passing a JSON with a duplicate key, the attacker can bypass the body_schema validation in the request-validation plugin. For example, `{\"string_payload\":\"bad\",\"string_payload\":\"good\"}` can be used to hide the \"bad\" input. Systems satisfy three conditions below are affected by this attack: 1. use body_schema validation in the request-validation plugin 2. upstream application uses a special JSON library that chooses the first occurred value, like jsoniter or gojay 3. upstream application does not validate the input anymore. The fix in APISIX is to re-encode the validated JSON input back into the request body at the side of APISIX. Improper Input Validation vulnerability in __COMPONENT__ of Apache APISIX allows an attacker to __IMPACT__. This issue affects Apache APISIX Apache APISIX version 2.12.1 and prior versions."
}
]
},
@ -70,8 +70,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://lists.apache.org/thread/03vd2j81krxmpz6xo8p1dl642flpo6fv"
"refsource": "MISC",
"url": "https://lists.apache.org/thread/03vd2j81krxmpz6xo8p1dl642flpo6fv",
"name": "https://lists.apache.org/thread/03vd2j81krxmpz6xo8p1dl642flpo6fv"
}
]
},
@ -84,4 +85,4 @@
"value": "1. upgrade APISIX to 2.13.0 if you need to use the body_schema validation in the request-validation plugin\n2. add additional validation in the application code, embrace defensive programming"
}
]
}
}